db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Knut Anders Hatlen <knut.hat...@oracle.com>
Subject Re: password encryption for native authentication
Date Sat, 01 Jun 2013 14:09:41 GMT
Rick Hillegas <rick.hillegas@oracle.com> writes:

> On 5/31/13 7:46 AM, Katherine Marsden wrote:
>> Does Derby implement some sort of password encryption for native
>> authentication?
>>
>> Sometimes,  I need to speak toward Derby's encryption capabilities
>> in the context of international export.  Normally I can just defer
>> to the java implementation for things like database encryption or
>> SSL/TSL, but I wonder if some encryption code has been added for
>> Native Authentication that needs to be considered.
>>
>> Thanks
>>
>> Kathey
>>
> Thanks for bringing up this topic, Kathey. Yes, the NATIVE passwords
> stored in SYS.SYSUSERS are encrypted.

One clarification: The passwords are hashed, not encrypted. Encryption
is a reversible process, whereas hashing is irreversible, and the stored
passwords cannot be decrypted.

There is no implementation of the actual cryptographic algorithms in
Derby, though. The authentication service uses the JRE's implementation
via the Java Security API.

> The encryption for a password is
> described by the corresponding SYS.SYSUSERS.HASHINGSCHEME column. The
> information in the HASHINGSCHEME column is used to construct a
> PasswordHasher for this purpose. The behavior of this hashing can be
> configured via the following Derby properties:
>
>   derby.authentication.builtin.algorithm
>   derby.authentication.builtin.iterations
>   derby.authentication.builtin.saltLength
>
> Thanks,
> -Rick

-- 
Knut Anders

Mime
View raw message